Python SDK for OKAP (Open Key Access Protocol) - Secure API key delegation
OKAP Python SDK
Installation
```bash
pip install okap
```
For vault server functionality:
```bash
pip install "okap[vault]"
```
Quick Start
For Apps (Requesting Access)
```python
from okap import OkapClient

# Connect to user's vault
client = OkapClient(
    vault_url="https://vault.example.com",
    app_name="My AI App"
)

# Request access to OpenAI
token = client.request_access(
    provider="openai",
    models=["gpt-4", "gpt-4o-mini"],
    capabilities=["chat"],
    monthly_limit=10.00,  # $10/month max
    reason="For AI-powered features"
)

# Use with OpenAI SDK - just change base_url
from openai import OpenAI

ai = OpenAI(
    api_key=token.token,
    base_url=token.base_url  # Points to vault proxy
)
response = ai.chat.completions.create(
    model="gpt-4",
    messages=[{"role": "user", "content": "Hello!"}]
)
```
For Vaults (Hosting Keys)
```python
from fastapi import FastAPI
from okap.models import AccessRequest
from okap.vault import OkapVault, MemoryStorage

app = FastAPI()
vault = OkapVault(
    storage=MemoryStorage(),
    base_url="https://vault.example.com"
)

# Add your API keys
vault.add_key("openai", "sk-...")
vault.add_key("anthropic", "sk-ant-...")


@app.post("/okap/request")
def handle_request(request: dict):
    req = AccessRequest.model_validate(request)
    # In production, show approval UI to user first!
    # For demo, auto-approve:
    return vault.approve_request(req)
```
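The demo handler above approves every request. The following is an added example, not part of the okap SDK or of this page's code: a deny-by-default policy check a vault could run before any approval. `POLICY` and `policy_violations` are hypothetical names, and the request is a plain dict that mirrors the AccessRequest fields shown on this page.

```python
from datetime import date, timedelta

# Hypothetical owner policy (constructed for this example): the most any app may be granted.
POLICY = {"openai": {"models": {"gpt-4", "gpt-4o-mini"},
                     "capabilities": {"chat"},
                     "max_monthly_spend": 10.00, "max_days": 30}}


def policy_violations(request, today, policy=POLICY):
    """Return reasons the request exceeds policy; an empty list means it is in scope."""
    rules = policy.get(request.get("provider"))
    if rules is None:
        return ["provider is not delegated by this vault"]
    problems = []
    # Scope checks: an empty list would be an unscoped grant, so it is rejected too.
    for field in ("models", "capabilities"):
        asked = request.get(field) or []
        extra = sorted(set(asked) - rules[field])
        if not asked:
            problems.append(f"{field}: none listed")
        elif extra:
            problems.append(f"{field}: not allowed: {', '.join(extra)}")
    # Spend cap: required, numeric, positive, and within the owner's ceiling.
    spend = (request.get("limits") or {}).get("monthly_spend")
    if isinstance(spend, bool) or not isinstance(spend, (int, float)):
        problems.append("limits.monthly_spend: missing or not a number")
    elif not 0 < spend <= rules["max_monthly_spend"]:
        problems.append("limits.monthly_spend: outside allowed range")
    # Expiry: required, ISO date, in the future, and no further out than max_days.
    try:
        expires = date.fromisoformat(request.get("expires"))
    except (TypeError, ValueError):
        problems.append("expires: missing or not an ISO date")
    else:
        if not today < expires <= today + timedelta(days=rules["max_days"]):
            problems.append("expires: outside allowed window")
    return problems


# Constructed sample requests, shaped like the AccessRequest fields on this page.
TODAY = date(2025, 2, 1)
IN_SCOPE = {"provider": "openai", "models": ["gpt-4"], "capabilities": ["chat"],
            "limits": {"monthly_spend": 10.00}, "expires": "2025-03-01"}
TOO_BROAD = {"provider": "openai", "models": ["gpt-4", "other-model"],
             "capabilities": ["chat", "embeddings"], "expires": "2026-01-01"}

if __name__ == "__main__":
    print(policy_violations(IN_SCOPE, TODAY))
    print(policy_violations(TOO_BROAD, TODAY))
```

In a handler like the one above, any non-empty result would be shown to the user for an explicit decision instead of going straight to `vault.approve_request(req)`.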
Features
- Secure delegation: Master keys never leave the vault
- Usage limits: Set spend caps and rate limits per app
- Expiration: Tokens auto-expire
- Revocable: Revoke access instantly
- Provider agnostic: Works with OpenAI, Anthropic, Google, etc.
Models
AccessRequest
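```python
from okap import AccessRequest
from okap.models import Limits  # assumed location; the page uses Limits without importing it

request = AccessRequest(
    provider="openai",
    models=["gpt-4"],
    capabilities=["chat", "embeddings"],
    limits=Limits(monthly_spend=10.00),
    expires="2025-03-01",
    reason="For my cool app"
)
```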
OkapToken
```python
from datetime import datetime

from okap import OkapToken

# Returned after approval
token = OkapToken(
    token="okap_abc123...",
    base_url="https://vault.example.com/v1/openai",
    provider="openai",
    models=["gpt-4"],
    expires_at=datetime(2025, 3, 1)
)
```
Error Handling
```python
from okap import OkapClient
from okap.errors import AccessDeniedError, VaultError

# client is the OkapClient instance created in Quick Start
try:
    token = client.request_access(provider="openai")
except AccessDeniedError as e:
    print(f"User denied access: {e}")
except VaultError as e:
    print(f"Vault error: {e}")
```
Development
```bash
# Install dev dependencies
pip install -e ".[dev]"

# Run tests
pytest

# Lint
ruff check .
```
License
MIT
Download files
Source Distribution
okap-0.1.1.tar.gz (7.6 kB)
Built Distribution
okap-0.1.1-py3-none-any.whl (9.3 kB)
File details
Details for the file okap-0.1.1.tar.gz.
File metadata
- Download URL: okap-0.1.1.tar.gz
- Upload date:
- Size: 7.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 5939e715310d3accddd6e7b3692eeda1eb46efcf9dede9f61614b58165a755a1 |
| MD5 | c68d3c46025fdcb4503974a18884013a |
| BLAKE2b-256 | f86bd4eb0075828bab3ae2535b320bbf251cbb487993cb02342021380ca6ad61 |
File details
Details for the file okap-0.1.1-py3-none-any.whl.
File metadata
- Download URL: okap-0.1.1-py3-none-any.whl
- Upload date:
- Size: 9.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 8f880814d8fe4599ff8c7a968b58b835b1f7697ae2a9b1e914248af1d24893a9 |
| MD5 | dda1d334627517ed5b9bee4ddf46a20e |
| BLAKE2b-256 | 48e4ccc5b308109b5e552adddb16161fbd3989c1609a1e7b1bd720975202a10b |